Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0165)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2015.0165

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0165)

Zusammenfassung: The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.

Vulnerability Insight:
Updated lftp packages fix security vulnerability:

lftp incorrectly validates wildcard SSL certificates containing literal
IP addresses, so under certain conditions, it would allow and use a wildcard
match specified in the CN field, allowing a malicious server to participate
in a MITM attack or just fool users into believing that it is a legitimate
site (CVE-2014-0139).

lftp was affected by this issue as it uses code from cURL for checking SSL
certificates. The curl package was fixed in MGASA-2014-0153.

Affected Software/OS:
'lftp' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0139
Debian Security Information: DSA-2902 (Google Search)
http://www.debian.org/security/2014/dsa-2902
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/58615
http://secunia.com/advisories/59458
SuSE Security Announcement: openSUSE-SU-2014:0530 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://www.ubuntu.com/usn/USN-2167-1

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0165
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0165)
Zusammenfassung:	The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'lftp' package(s) announced via the MGASA-2015-0165 advisory. Vulnerability Insight: Updated lftp packages fix security vulnerability: lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MGASA-2014-0153. Affected Software/OS: 'lftp' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0139 Debian Security Information: DSA-2902 (Google Search) http://www.debian.org/security/2014/dsa-2902 http://www.mandriva.com/security/advisories?name=MDVSA-2015:213 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/58615 http://secunia.com/advisories/59458 SuSE Security Announcement: openSUSE-SU-2014:0530 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html http://www.ubuntu.com/usn/USN-2167-1
Copyright	Copyright (C) 2022 Greenbone AG